Cisco Releases Security Updates for Identity Services Engine
Original release date: November 16, 2022Cisco has released security updates for vulnerabilities affecting Cisco Identity Services Engine (ISE). A remote attacker could exploit some of these vulnerabilities to bypass authorization and access system files. For updates addressing vulnerabilities, see the Cisco Security Advisories page.
CISA encourages users and administrators to review the following advisories and apply the necessary updates:
Cisco Identity Services Engine Insufficient Access Control Vulnerability
Cisco Identity Services Engine Cross-Site Scripting Vulnerability
This product is provided subject to this Notification and this Privacy & Use policy.
CISA and FBI Release Advisory on Iranian Government-Sponsored APT Actors Compromising Federal Network
Original release date: November 16, 2022Today, CISA and the Federal Bureau of Investigation (FBI) published a joint Cybersecurity Advisory (CSA), Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester. The CSA provides information on an incident at a Federal Civilian Executive Branch (FCEB) organization in which Iranian government-sponsored APT actors exploited a Log4Shell vulnerability in unpatched VMware Horizon server.
The CSA includes a malware analysis report (MAR), MAR-10387061-1-v1 XMRig Cryptocurrency Mining Software, on the mining software that the APT actors used against the compromised FCEB network. The CSA also provides tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) obtained from the incident response as well as recommended mitigations.
CISA and FBI strongly recommend organizations apply the recommended mitigations and defensive measures, which include:
Updating affected VMware Horizon and unified access gateway (UAG) systems to the latest version.
Minimizing your organization’s internet-facing attack surface.
Exercising, testing, and validating your organization’s security program against the threat behaviors mapped to the MITRE ATT&CK for Enterprise framework in the CSA.
Testing your organization’s existing security controls against the ATT&CK techniques described in the CSA.
For additional information on malicious Iranian government-sponsored cyber activity, see CISA’s Iran Cyber Threat Overview and Advisories webpage and FBI’s Iran Threats webpage.
This product is provided subject to this Notification and this Privacy & Use policy.
AA22-320A: Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester
Original release date: November 16, 2022 Summary From mid-June through mid-July 2022, CISA conducted an incident response engagement at a Federal Civilian Executive Branch (FCEB) organization where CISA observed suspected advanced persistent threat (APT) activity. In the course of incident response activities, CISA determined that cyber threat actors exploited the Log4Shell vulnerability in an unpatched […]